Joomla! EkRishta Component SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Joomla! component EkRishta version 2.10. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter of POST requests sent to the login endpoint. Exploitation of this vulnerability could lead to the extraction of sensitive database information, including user credentials and system details.

Impact

Exploitation of this vulnerability allows for error-based SQL injection, where an attacker can manipulate SQL queries to extract information from the database. This could include sensitive data such as user credentials and other system information.

Reproduction

To reproduce this vulnerability, send a POST request to the login endpoint of the EkRishta component with a crafted SQL injection payload in the username field. The injection takes advantage of the application's SQL query handling by introducing malicious SQL code that is executed by the database. The response should indicate a SQL syntax error, confirming the injection was successful.
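
A defensive triage check for the behaviour described above, added here as an example (not code from the advisory or from the EkRishta component): it flags login POSTs whose response leaks a database error and notes whether the username field carried SQL metacharacters. The endpoint path, the record layout, the error signatures and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Placeholder: the advisory does not give the login endpoint path.
LOGIN_PATH = "/PLACEHOLDER/ekrishta/login"

# Database error text that should never reach an HTTP response body (assumed list).
DB_ERROR_SIGNATURES = ("you have an error in your sql syntax", "sqlstate[", "mysqli_sql_exception")
# Characters that change SQL parsing when a value is concatenated into a query.
SQL_META = re.compile(r"['\"\\;]|--|/\*|#")


def classify(record, login_path=LOGIN_PATH):
    """Return None for irrelevant traffic, else (severity, username)."""
    if record["method"] != "POST" or record["path"] != login_path:
        return None
    fields = parse_qs(record["body"], keep_blank_values=True)
    username = fields.get("username", [""])[0]
    leaked = any(s in record["response"].lower() for s in DB_ERROR_SIGNATURES)
    meta = bool(SQL_META.search(username))
    if leaked and meta:
        return ("high", username)    # input reached the SQL parser and the error was echoed
    if leaked:
        return ("medium", username)  # error disclosure without an obvious trigger
    if meta:
        return ("low", username)     # metacharacters present, no visible database error
    return None


# Constructed sample records (not captured traffic).
SAMPLE = [
    {"method": "POST", "path": LOGIN_PATH, "body": "username=alice&password=x",
     "response": "<p>Invalid login</p>"},
    {"method": "POST", "path": LOGIN_PATH, "body": "username=o%27brien&password=x",
     "response": "<p>Invalid login</p>"},
    {"method": "POST", "path": LOGIN_PATH, "body": "username=test%27&password=x",
     "response": "You have an error in your SQL syntax; check the manual ..."},
    {"method": "GET", "path": LOGIN_PATH, "body": "", "response": "<form>"},
]


def triage(records):
    """Classify every record and keep only the flagged ones, in input order."""
    return [c for c in map(classify, records) if c is not None]


if __name__ == "__main__":
    for severity, user in triage(SAMPLE):
        print(severity, repr(user))
```

A "low" result (a quote in the username, no error in the response) is what a correctly parameterized login query looks like from the outside; "high" is the signature this advisory describes.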

Added: May 26, 2026, 9:14 PM
Updated: May 26, 2026, 9:14 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 9.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.